Thursday, June 29, 2006

Linux Password reveal

Hi, I just discover how a Linux password is formed. This information is useful for those who have to write a piece of code for their software to either match user authentication or make new user from their script. Though Linux Provide PAM for the purpose, but for me configuring PAM for you application that can generate its password itself is not useful. But its recommended as its General application and if in future Linux authentication method or password saving change you can easily adopt to it. Anyways, here is where we store User information in linux /etc/passwd and here we store its password /etc/shadow now shadow file has column seperated by [ : ] colons like sumit:$1$YgUxVnSK$/Y/QjCfBDyoZriQ7oQnxs.:13316:0:99999:7::: in this it tells there is a user call sumit with password as $1$YgUxVnSK$/Y/QjCfBDyoZriQ7oQnxs. This password is divided in Three parts seperated by $ (dollar) sign. $1 is indication of fact taht its an MD5 crypted password $YgUxVnSK is the salt use to crypt the password $/Y/QjCfBDyoZriQ7oQnxs. is the password But these values are read without $ sign :o) So if you need to make a linux password simple take a Salt for your Password encryption and crypt your password with it and than append $1 with both values and write it in Shadow file.. simple in PHP its quite simple to do ...just call crypt function with out any salt like $password= crypt("mypassword"); And in PERL you need to ensure a random salt as crypt function of perl produce different result on windows and on Linux :o( in windows machine crypt function call will be $password= crypt("mypassword",""); produce some thing like /Y/QjCfBDyoZriQ7oQnxs. where as in linux it will be full linux password style Hope I am clear in telling linux password, as programmer you don't need to know more on this... Sumit Gupta

0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

<< Home